I've found the new DYNHELO test to be quite useful and I've subsequently stopped using Bud's free external tool (HELOisIP from http://bud.thedurlands.com/ ).
I found it just as effective as HELOisIP, and HELOisIPx wasn't worth running the few extra hits I was getting, plus, the hits I was getting with HELOisIPx were already getting scored quite high, so I've stopped using that too. Andrew 8) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Tuesday, April 12, 2005 10:17 AM To: [email protected] Subject: RE: [Declude.JunkMail] DYNHELO Test Any feedback on these tests and performance will be appreciated here is some info on these tests. BCC bcc 10 x 5 0 This test type, checks to see if there are more than X known BCC:'s for this E-mail (where X is the first test-type-specific piece of information set to 10 in this example). It simply goes through each recipient, and checks to see if the E-mail contains the E-mail address of the recipient. The first piece of test-type-specific information is the minimum number of BCC:'s required in order for the E-mail to fail the test. DYNHELO dynhelo x x 5 0 This test type, attempts to detect dynamic IPs in HELO/EHLO hostnames. This test should be quite effective, since mailservers on IPs that have dynamic-like reverse DNS entries will *not* normally send an HELO/EHLO that looks dynamic. David B www.declude.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, April 12, 2005 1:12 PM To: [email protected] Subject: [Declude.JunkMail] DYNHELO Test Is anyone using the DYNHELO test in Declude - if so do you have any information on it? What specifically is it looking for? False positive rate? I found it in the new global.cfg file, but did not see any references to it in the manual. Also, for the BCC test any thoughts on what the sweet spot tends to be - by default it comes at 10. Has anyone tweaked this? Darrell ------------------------------------------------------------------------ -- Try invURIBL - an advanced URI filtering test that will block more than 85% of all SPAM with the default configuration? Try it for free http://www.invariantsystems.com/invuribl/default.htm --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. __________ NOD32 1.1058 (20050412) Information __________ This message was checked by NOD32 antivirus system. http://www.nod32.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
